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in response to detecting the request, determining ^ettteTsaid action is authorized 
\ based on [an association between] permissions [and] associated with a 
plurality of rautifies in a calling hierarchy associated with said principal. 

1 2. (Not Amended) The method of Claim 1, wherein: 

2 the step of detecting when a request for an action is made includes detecting when a 

3 request for an action is made by a thread; and 

4 the step of determining whether said action is authorized includes determining 

5 whether said action is authorized based on an association between permissions 

6 and a plurality of routines in a calling hierarchy associated with said thread. 

1 3. (Not Amended) The method of Claim 1, wherein: 

2 the calling hierarchy includes a first routine; and 

3 the step of determining whether said action is authorized further includes determining 

4 whether a permission required to perform said action is encompassed by at 

5 least one permission associated with said first routine. 




2 
3 
4 
5 



(Amended) The method of Claim 3, wherein said [association between] opHfnssions 
[and] are associated with said plurality of routines [is] based op^first association 
between p iulucl iuii duniaiiis and ptHni s sionsn 



(Amended) A method for providing segttntv, the method comprising the steps of: 
detecting when a request for aivfction is made by ajflrincipal; A 
determining whether sanction is authorized basgdbn an association between 

permission and a plurality of routines iri a calling hierarchy associated with 
said/ffrincipal: 
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[The method of Claim 4, wherejrf:] 

wherein each routine of saicj/£lurali# of roy&nes is associated with a class; and 
wherein said associatioiyfjetween jpermissions)and said plurality of routines is based 
on a second association between classes and protection domains. 



1 
2 
3 
4 




(Not Amended) The method of Claim 1, wherein the step of determining whether 
said action is authorized further includes determining whether a permission required 
to perform said action is encompassed by at least one permission associated with each 
routine in said calling hierarchy. 



(Amended) The method of Claim 1, wherein: 
a first routine in said calling hierarchy's privileged; and 

wherein the step of determining wKether said action is authorized further includes 
determining whether ^permission required to perform said action is 
encompassed by at least one permission associated with each routine in said 
calling hierarchy between and including said first routine and a second routine 
in said calling hierarchy, wherein said second routine is invoked after said first 
routine 9/ wherein said second routine is a routine for performing said requested 
acti 



1 8. (Not Amended) The method of Claim 7, wherein the step of determining whether 

2 said permission required to perform said action is encompassed by at least one 

3 permission associated with each routine in said calling hierarchy between and 

4 including said first routine and said second routine further includes the steps of: 

5 determining whether said permission required is encompassed by at least one 

6 permission associated with said second routine; and 



50435'0\ S(T2244/TJC) 



46 




-4- 



7 in response to determining said permission required is encompassed by at least one 

8 permission associated with said second routine, then performing the steps of: 

9 A) selecting a next routine from said plurality of routines in said calling 

10 hierarchy, 

11 B) if said permission required is not encompassed by at least one permission 

12 associated with said next routine, then transmitting a message 

13 indicating that said permission required is not authorized, and 

14 C) repeating steps A and B until: 

15 said permission required is not authorized by at least one permission 

1 6 associated with said next routine, 

17 there are no more routines to select from said plurality of routines in 

18 said calling hierarchy, or 

19 determining that said next routine is said first routine. 

1 9. (Not Amended) The method of Claim 8, wherein: 

2 the method further includes the step of setting a flag associated with said first routine 

3 to indicate that said first routine is privileged; and 

4 the step of determining that said next routine is said first routine includes determining 

5 that a flag associated with said next routine indicates said next routine is 

6 privileged. 

1 1 0. (Not Amended) The method of Claim 9, wherein the step of setting said flag 

2 associated with said first routine includes setting a flag in a frame in said calling 

3 hierarchy associated with said thread. 
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(Amended) A computer-readable medium carrying one or more sequenpdf of one or 
more instructions, [wherein the execution of] the one or more sequences of the one or 
more instructions including instructions which, when ex^uted bv one or more 
processors, causes the one or more processors tp^erform the steps of: 
detecting when a request for an action iyrfade by a principal; and 
in response to detecting the reques^ aetermining whether said action is authorized 
based on [an association between] permissions [and] associated with a 
plurality of routines in a calling hierarchy associated with said principal. 

12. (Not Amended) The computer-readable medium of Claim 11, wherein: 

the step of detecting when a request for an action is made includes detecting when a 
request for an action is made by a thread; and 

the step of determining whether said action is authorized includes determining 

whether said action is authorized based on an association between permissions 
and a plurality of routines in a calling hierarchy associated with said thread. 

1 3 . (Not Amended) The computer readable medium of Claim 1 1 , wherein: 
the calling hierarchy includes a first routine; and 

the step of determining whether said action is authorized further includes determining 
whether a permission required to perform said action is encompassed by at 
least one permission associated with said first routine. 

14. (Amended) The computer-readable medimn^f^lmm 11, wherein said [association 
between] permissions [and] are^ggsociated with s,aia^uralitv of routines [is] based on 
a first associatioi>bSfween protection doritaifis-^td^^missions. 
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(Amended) A computer-readable medium bearing instructions for providing security, 

the instructions including instructions for performing the steps of: 

detecting when a request for an action is made bv a principal; 

determining whether said action is authorized based on an association between 

permissions and a plurality of routines in a calling hierarchy associated with 

said principal; 
[The computer-readable medium of Claim 11, wherein:] 

wherein each routine of said plurality of routines is associated with a class; 
and 

wherein said association between permissions and said plurality of routines is 
based on a second association between classes and protection domains. 



(Not Amended) The computer readable medium of Claim 1 1, wherein the step of 
determining whether said action is authorized further includes determining whether a 
permission required to perform said action is encompassed by at least one permission 
associated with each routine in said calling hierarchy. 



1 ) 1 7. (Amended) The computer readable medium of Claim 1 1 , w^herein: 
a first routine in said calling hierarchy is privileged; 

wherein the step of determining whether said aptlon is authorized further includes 
determining whether a permissiojvrcquired to perform said action is 
encompassed by at least one'permission associated with each routine in said 
calling hierarchy bet>tfeen and including said first routine and a second routine 
in said callingjfierarchy, wherein said second routine is invoked after said first 
routine/wherein said second routine is a routine for performing said requested 
non. 
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1 18. (Not Amended) The computer readable medium of Claim 17, wherein the step of 

2 determining whether said permission required to perform said action is encompassed 

3 by at least one permission associated with each routine in said calling hierarchy 

4 between and including said first routine and said second routine further includes the 

5 steps of: 

6 determining whether said permission required is encompassed by at least one 

7 permission associated with said second routine; and 

8 in response to determining said permission required is encompassed by at least one 

9 permission associated with said second routine, then performing the steps of: 

10 A) selecting a next routine from said plurality of routines in said calling 

1 1 hierarchy, 

12 B) if said permission required is not encompassed by at least one permission 

1 3 associated with said next routine, then transmitting a message 

14 indicating that said permission required is not authorized, and 

1 5 C) repeating steps A and B until: 

16 said permission required is not authorized by at least one permission 

17 associated with said next routine, 

18 there are no more routines to select from said plurality of routines in 

1 9 said calling hierarchy, or 

20 determining that said next routine is said first routine. 
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1 19. (Not Amended) The computer readable medium of Claim 18, wherein: 

2 the computer readable medium further comprises one or more instructions for 

3 performing the step of setting a flag associated with said first routine to 

4 indicate that said first routine is privileged; and 

5 the step of determining that said next routine is said first routine includes determining 

6 that a flag associated with said next routine indicates said next routine is 

7 privileged. 



A 



1 20. (Not Amended) The computer readable medium of Claim 19, wherein the step of 

2 setting said flag associated with said first routine includes setting a flag in a frame in 

3 said calling hierarchy associated with said thread. 

1. (Amended) A computer system comprisj/ng: 
a processor; 

a memory coupled to said processor; 

said processor being configured to ^etect when a request for an action is made by a 
principal; and 

said processor being configured to respond to detecting the request by determining 
[determine] whetheysaid action is authorized based on [an association 
between] permissions [and] associated with a plurality of routines in a calling 
- — hierarchy a s sociated wit h said ftgncigaL 



(Amended) The computer system of Clairn^l, [wherein] wherein: 
the calling hierarchy includes a first routine: and 
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said processor is configured to determine whether said action is authorized by 
determining whether a permission required to perform said action is 
encompassed by at least one permission associated with said first routine. 

(Amended) The computer system of Claim^l, wherein 
said processor is configured to determine whether said action is authorized by 
determining whether a permission required to perform said action is 
encompassed by at least one permission associated with each routine in said 
calling hierarchy. 

REMARKS 

The Examiner is thanked for the performance of a thorough search. 
By this amendment, Claims 1, 4, 5, 7, 1 1, 14, 15, 17 and 21-23 have been amended. 
No claims have been added or cancelled. Hence, Claims 1-23 are pending in the application. 

As a preliminary matter, receipt of the Notice of Draftsperson's Patent Drawing 
Review is acknowledged. Applicant recognizes that the present drawings are acceptable for 
examination purposes only. Formal drawings will be submitted after completion of the 
examination process upon the issuance of a Notice of Allowance. 

SUMMARY OF THE REJECTIONS/OBJECTIONS 

Claims 1 1 and 22 are objected to on the grounds that they contain limitations that lack 
antecedent basis. In response, Claims 1 1 and 22 have been amended. It is respectfully 
submitted that Claims 1 1 and 22 as amended do not contain any limitation that lacks 
antecedent basis. Withdrawal of these objections is respectfully requested. 
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